Hi,
I would like to know if it is possible to retrieve the product scopes for an app belonging to more than one product. I have tested the scenario with an app belonging to Product_A and Product_B, which have different sets of scopes (Product_A=x,y and Product_B=z). But using an AccessEntity activity (as below) I can only see the scope of the first product in the trace window! Shouldn't I get the union of scopes?
Thanks a lot.
<AccessEntity name='AE-Product'>
  <EntityType value='apiproduct' />
  <EntityIdentifier type='consumerkey' ref='parsedRequest.client_id' />
  <!-- result is stored in a variable: AccessEntity.AE-Product -->
</AccessEntity>
The AccessEntity policy only returns the first apiproduct that it finds.
If you want to get all scopes of all apiproducts of your app you can use a dummy OAuth GenerateAccessToken policy to get all the scopes for you. Credits go to @Sean Davis, see here.
This is the basic idea:
0) Verify API Key policy
1) Make all settings for the OAuth GenerateAccessToken policy
2) Execute GenerateAccessToken policy
3) Fetch the scopes variable
0) Verify the API key to fill the client_id and client_secret variables, which are necessary in step 1b.
<VerifyAPIKey name="verify-api-key" enabled="true" continueOnError="false" async="false">
  <DisplayName>Verify API Key</DisplayName>
  <APIKey ref="request.queryparam.apikey"/>
</VerifyAPIKey>
1a) Set the dummy grant_type, which is needed by step 2:
<AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-OAuth-Variables">
  <DisplayName>Assign OAuth Variables</DisplayName>
  <Properties/>
  <AssignVariable>
    <Name>dummy_grant_type</Name>
    <Value>client_credentials</Value>
  </AssignVariable>
</AssignMessage>
1b) Set the Basic Authorization header, which is needed by step 2:
<BasicAuthentication name="BasicAuth.EncodeClientCredentials">
  <DisplayName>BasicAuth.EncodeClientCredentials</DisplayName>
  <Operation>Encode</Operation>
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
  <User ref="verifyapikey.verify-api-key.client_id"/>
  <Password ref="verifyapikey.verify-api-key.client_secret"/>
  <AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>
2) GenerateAccessToken, make sure the GenerateResponse is set to "false".
<OAuthV2 async="false" continueOnError="false" enabled="true" name="Get-Scopes">
  <DisplayName>Get Scopes</DisplayName>
  <Properties/>
  <Attributes/>
  <ExternalAuthorization>false</ExternalAuthorization>
  <Operation>GenerateAccessToken</Operation>
  <SupportedGrantTypes>
    <GrantType>client_credentials</GrantType>
  </SupportedGrantTypes>
  <GenerateResponse enabled="false"/>
  <!-- variable holding the grant type; must match the name assigned in step 1a -->
  <GrantType>dummy_grant_type</GrantType>
  <ClientId>verifyapikey.verify-api-key.client_id</ClientId>
</OAuthV2>
3) Fetch the scopes variable. In my example I put it in the payload of the response.
<AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-Repsonse">
  <DisplayName>Assign Repsonse</DisplayName>
  <Properties/>
  <Set>
    <Payload>{oauthv2accesstoken.Get-Scopes.scope}</Payload>
  </Set>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
  <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>
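An added example, not part of the original answer: a JavaScript-policy helper that consumes the scope string fetched in step 3 and checks it against required scopes, denying when the variable is unresolved or empty. The `required_scopes` and `scopecheck.*` variable names are hypothetical, the scope value is assumed to be a space-delimited string, and the sample values in the comments reuse the question's Product_A (x, y) and Product_B (z) scenario.

```javascript
// Added example (ES5 style, as used by Apigee JavaScript policies).

// Parse a space-delimited scope string into a de-duplicated, sorted array.
// Anything that is not a string (unresolved variable -> null/undefined)
// yields [] so that callers fail closed.
function parseScopes(raw) {
  if (typeof raw !== 'string') return [];
  var out = [];
  raw.split(/\s+/).forEach(function (s) {
    if (s && out.indexOf(s) === -1) out.push(s);
  });
  return out.sort();
}

// Return the required scopes that are NOT present in the granted list.
function missingScopes(required, granted) {
  return required.filter(function (s) { return granted.indexOf(s) === -1; });
}

// Allow only when at least one scope is required and none is missing.
// An empty requirement list is treated as a configuration error and denied.
function authorize(rawScopes, required) {
  var granted = parseScopes(rawScopes);
  var missing = missingScopes(required, granted);
  return {
    allowed: required.length > 0 && missing.length === 0,
    granted: granted,
    missing: missing
  };
}

// Constructed scenario from the question:
//   union of both products  -> "x y z"  (what Get-Scopes is expected to hold)
//   first product only      -> "x y"    (what AccessEntity exposes)
// A resource requiring "z" passes with the first value and fails with the second.

// Inside Apigee the `context` global exists; elsewhere this block is skipped.
if (typeof context !== 'undefined') {
  var result = authorize(
    context.getVariable('oauthv2accesstoken.Get-Scopes.scope'),
    parseScopes(context.getVariable('required_scopes')) // hypothetical variable
  );
  context.setVariable('scopecheck.allowed', result.allowed);           // hypothetical
  context.setVariable('scopecheck.missing', result.missing.join(' ')); // hypothetical
}
```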